diff --git a/beszel/docker-compose.yml b/beszel/docker-compose.yml
new file mode 100644
index 0000000..2c5467f
--- /dev/null
+++ b/beszel/docker-compose.yml
@@ -0,0 +1,18 @@
+---
+services:
+ beszel:
+ image: henrygd/beszel
+ container_name: beszel
+ restart: unless-stopped
+ volumes:
+ - data:/beszel_data
+ networks:
+ - caddy
+
+volumes:
+ data:
+
+networks:
+ caddy:
+ name: "caddy"
+ external: true
\ No newline at end of file
diff --git a/beszel/readme.md b/beszel/readme.md
new file mode 100644
index 0000000..025f7a3
--- /dev/null
+++ b/beszel/readme.md
@@ -0,0 +1,2 @@
+* SMART monitoring requires some bullshit to get working, see service file for example and follow https://beszel.dev/guide/smart-data#troubleshooting
+* You can bind the agents listening port to tailscale with the LISTEN variable, see service file
\ No newline at end of file
diff --git a/beszel/with-smart.service b/beszel/with-smart.service
new file mode 100644
index 0000000..8be17a5
--- /dev/null
+++ b/beszel/with-smart.service
@@ -0,0 +1,27 @@
+[Unit]
+Description=Beszel Agent Service
+After=network.target
+
+[Service]
+Environment="LISTEN=100.70.0.2:45876"
+Environment="KEY="
+Environment="TOKEN="
+Environment="HUB_URL="
+
+Environment="SMART_DEVICES=/dev/sda:sat,/dev/sdb:sat,/dev/sdc:sat,/dev/sdd:sat,/dev/sde:sat,/dev/sdf:sat,/dev/sdg:sat,/dev/sdh:sat"
+ExecStart=/opt/beszel-agent/beszel-agent
+User=beszel
+Restart=always
+RestartSec=5
+
+DeviceAllow=/dev/sda r
+DeviceAllow=/dev/sdb r
+DeviceAllow=/dev/sdc r
+DeviceAllow=/dev/sdd r
+DeviceAllow=/dev/sde r
+DeviceAllow=/dev/sdf r
+DeviceAllow=/dev/sdg r
+DeviceAllow=/dev/sdh r
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/jellyfin/docker-compose.yml b/jellyfin/docker-compose.yml
index 78822d7..9368177 100644
--- a/jellyfin/docker-compose.yml
+++ b/jellyfin/docker-compose.yml
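Review bot: `image: henrygd/beszel` in beszel/docker-compose.yml carries no tag, so every pull takes whatever the registry currently serves as `latest`; pin a release tag or digest, e.g. `image: henrygd/beszel:<version>` (placeholder, use the release you tested). The same applies to the `:latest` or untagged images in nextcloud.yml, onlyoffice.yml, qbittorrent-gluetun, stalwart and vaultwarden in this commit, and it matters most for the mail server and the password vault. The nextcloud readme added here already describes upstream breaking changes surfacing after the fact, which pinning would turn into a deliberate upgrade step.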
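Review bot: `Environment="TOKEN="` in with-smart.service invites filling the agent token into the unit file itself, and systemd exposes a unit's `Environment=` values to unprivileged users through `systemctl show`, so it is not a place for credentials. Put the sensitive values in a root-owned file with mode 0600 and load it with `EnvironmentFile=/etc/beszel-agent/env` (constructed path), leaving `LISTEN` and `SMART_DEVICES` inline. A comment above the `LISTEN` line such as `# Tailscale address: the agent is not reachable on other interfaces` would explain the hard-coded 100.70.0.2 to the next reader.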
@@ -5,23 +5,16 @@ services: container_name: jellyfin user: 1000:1000 group_add: - - "993" + - "993" # For hw accelerated transcoding volumes: - config:/config - cache:/cache - /srv/media:/media devices: - - /dev/dri/renderD128:/dev/dri/renderD128 + - /dev/dri/renderD128:/dev/dri/renderD128 # for hw accelerated transcoding ports: - 8096:8096 - networks: - - caddy volumes: config: cache: - -networks: - caddy: - name: caddy - external: true \ No newline at end of file diff --git a/nextcloud-and-onlyoffice/nextcloud.yml b/nextcloud-and-onlyoffice/nextcloud.yml new file mode 100644 index 0000000..83d0340 --- /dev/null +++ b/nextcloud-and-onlyoffice/nextcloud.yml 
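Review bot: With the `caddy` network removed, the only way into Jellyfin is the existing `- 8096:8096` mapping, which publishes plain HTTP on every host interface. The servarr ports changed in this same commit bind to a Tailscale address instead; if this container runs on that host, `- "100.70.0.2:8096:8096"` would keep it off the LAN and any public interface. Docker-published ports are usually evaluated ahead of host firewall rules such as ufw, so a deny rule for 8096 should not be relied on. The service block starts above the hunk, so its other settings were not reviewed.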
@@ -0,0 +1,391 @@ +services: + nextcloud-aio-apache: + depends_on: + nextcloud-aio-notify-push: + condition: service_started + required: false + nextcloud-aio-nextcloud: + condition: service_started + required: false + image: ghcr.io/nextcloud-releases/aio-apache:latest + user: "33" + init: true + healthcheck: + start_period: 0s + test: /healthcheck.sh + interval: 30s + timeout: 30s + start_interval: 5s + retries: 3 + ports: + - 100.70.0.2:41443:41443 + # - ${APACHE_IP_BINDING}:${APACHE_PORT}:${APACHE_PORT}/tcp + # - ${APACHE_IP_BINDING}:${APACHE_PORT}:${APACHE_PORT}/udp + environment: + - NC_DOMAIN + - NEXTCLOUD_HOST=nextcloud-nextcloud + - APACHE_HOST=nextcloud-apache + - COLLABORA_HOST=nextcloud-collabora + - TALK_HOST=nextcloud-talk + - APACHE_PORT + - ONLYOFFICE_HOST=onlyoffice-documentserver + - TZ=${TIMEZONE} + - APACHE_MAX_SIZE + - APACHE_MAX_TIME=${NEXTCLOUD_MAX_TIME} + - NOTIFY_PUSH_HOST=nextcloud-notifypush + - WHITEBOARD_HOST=nextcloud-whiteboard + - HARP_HOST=nextcloud-harp + - AIO_LOG_LEVEL # added 2026-05-15 + volumes: + - nextcloud_aio_nextcloud:/var/www/html:ro + - nextcloud_aio_apache:/mnt/data:rw + restart: unless-stopped + read_only: true + tmpfs: + - /var/log/supervisord + - /var/run/supervisord + - /usr/local/apache2/logs + - /tmp + - /home/www-data + cap_drop: + - NET_RAW + networks: + - nextcloud + container_name: nextcloud-apache + + # nextcloud-aio-database: + # image: ghcr.io/nextcloud-releases/aio-postgresql:latest + # user: "999" + # init: true + # healthcheck: + # start_period: 0s + # test: /healthcheck.sh + # interval: 30s + # timeout: 30s + # start_interval: 5s + # retries: 3 + # expose: + # - "5432" + # volumes: + # - nextcloud_aio_database:/var/lib/postgresql/data:rw + # - nextcloud_aio_database_dump:/mnt/data:rw + # environment: + # - POSTGRES_PASSWORD=${DATABASE_PASSWORD} + # - POSTGRES_DB=nextcloud_database + # - POSTGRES_USER=nextcloud + # - TZ=${TIMEZONE} + # - PGTZ=${TIMEZONE} + # stop_grace_period: 1800s + # restart: 
unless-stopped + # shm_size: 268435456 + # read_only: true + # tmpfs: + # - /var/run/postgresql + # cap_drop: + # - NET_RAW + + nextcloud-aio-nextcloud: + depends_on: + # nextcloud-aio-database: + # condition: service_started + # required: false + nextcloud-aio-redis: + condition: service_started + required: false + nextcloud-aio-fulltextsearch: + condition: service_started + required: false + nextcloud-aio-imaginary: + condition: service_started + required: false + image: ghcr.io/nextcloud-releases/aio-nextcloud:latest + init: true + healthcheck: + start_period: 0s + test: /healthcheck.sh + interval: 30s + timeout: 30s + start_interval: 5s + retries: 3 + expose: + - "9000" + - "9001" + volumes: + - nextcloud_aio_nextcloud:/var/www/html:rw + - ${NEXTCLOUD_DATADIR}:/mnt/ncdata:rw + # - ${NEXTCLOUD_MOUNT}:${NEXTCLOUD_MOUNT}:rw + - /usr/local/share/ca-certificates:/usr/local/share/ca-certificates:ro #modified + environment: + - NEXTCLOUD_HOST=nextcloud-nextcloud + - POSTGRES_HOST=postgres # modified + - POSTGRES_PORT=5432 + - POSTGRES_PASSWORD=${DATABASE_PASSWORD} + - POSTGRES_DB=nextcloud # modified + - POSTGRES_USER=nextcloud + - REDIS_HOST=nextcloud-redis + - REDIS_PORT=6379 + - REDIS_HOST_PASSWORD=${REDIS_PASSWORD} + - APACHE_HOST=nextcloud-apache + - APACHE_PORT + - NC_DOMAIN + - ADMIN_USER=admin + - ADMIN_PASSWORD=${NEXTCLOUD_PASSWORD} + - NEXTCLOUD_DATA_DIR=/mnt/ncdata + - OVERWRITEHOST=${NC_DOMAIN} + - OVERWRITEPROTOCOL=https + - TURN_SECRET + - SIGNALING_SECRET + - ONLYOFFICE_SECRET + - NEXTCLOUD_MOUNT + - CLAMAV_ENABLED + - CLAMAV_HOST=nextcloud-aio-clamav + - ONLYOFFICE_ENABLED + - COLLABORA_ENABLED + - COLLABORA_HOST=nextcloud-aio-collabora + - TALK_ENABLED + - ONLYOFFICE_HOST=onlyoffice-documentserver + - UPDATE_NEXTCLOUD_APPS + - TZ=${TIMEZONE} + - TALK_PORT + - IMAGINARY_ENABLED + - IMAGINARY_HOST=nextcloud-imaginary + - PHP_UPLOAD_LIMIT=${NEXTCLOUD_UPLOAD_LIMIT} + - PHP_MEMORY_LIMIT=${NEXTCLOUD_MEMORY_LIMIT} + - FULLTEXTSEARCH_ENABLED + - 
FULLTEXTSEARCH_HOST=nextcloud-fulltextsearch + - FULLTEXTSEARCH_PROTOCOL=http + - FULLTEXTSEARCH_PORT=9200 + - FULLTEXTSEARCH_USER=elastic + - FULLTEXTSEARCH_INDEX=nextcloud-aio + - PHP_MAX_TIME=${NEXTCLOUD_MAX_TIME} + - TRUSTED_CACERTS_DIR=${NEXTCLOUD_TRUSTED_CACERTS_DIR} + - STARTUP_APPS=${NEXTCLOUD_STARTUP_APPS} + - ADDITIONAL_APKS=${NEXTCLOUD_ADDITIONAL_APKS} + - ADDITIONAL_PHP_EXTENSIONS=${NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS} + - INSTALL_LATEST_MAJOR + - TALK_RECORDING_ENABLED + - RECORDING_SECRET + - TALK_RECORDING_HOST=nextcloud-aio-talk-recording + - FULLTEXTSEARCH_PASSWORD + - REMOVE_DISABLED_APPS + - IMAGINARY_SECRET + - WHITEBOARD_SECRET + - WHITEBOARD_ENABLED + - AIO_LOG_LEVEL # added 2026-05-15 + stop_grace_period: 600s + restart: unless-stopped + cap_drop: + - NET_RAW + networks: + - nextcloud + - postgres + container_name: nextcloud-nextcloud + + nextcloud-aio-notify-push: + image: ghcr.io/nextcloud-releases/aio-notify-push:latest + user: "33" + init: true + healthcheck: + start_period: 0s + test: /healthcheck.sh + interval: 30s + timeout: 30s + start_interval: 5s + retries: 3 + expose: + - "7867" + volumes: + - nextcloud_aio_nextcloud:/var/www/html:ro + environment: + - NEXTCLOUD_HOST=nextcloud-nextcloud + - POSTGRES_HOST=postgres + - REDIS_HOST=nextcloud-redis + - TZ=${TIMEZONE} + - AIO_LOG_LEVEL # added 2026-05-15 + restart: unless-stopped + read_only: true + cap_drop: + - NET_RAW + networks: + - nextcloud + - postgres + container_name: nextcloud-notifypush + + nextcloud-aio-redis: + image: ghcr.io/nextcloud-releases/aio-redis:latest + user: "999" + init: true + healthcheck: + start_period: 0s + test: /healthcheck.sh + interval: 30s + timeout: 30s + start_interval: 5s + retries: 3 + expose: + - "6379" + environment: + - REDIS_HOST_PASSWORD=${REDIS_PASSWORD} + - TZ=${TIMEZONE} + - AIO_LOG_LEVEL # added 2026-05-15 + volumes: + - nextcloud_aio_redis:/data:rw + restart: unless-stopped + read_only: true + cap_drop: + - NET_RAW + networks: + - nextcloud 
+ container_name: nextcloud-redis + + # nextcloud-aio-onlyoffice: + # image: ghcr.io/nextcloud-releases/aio-onlyoffice:latest + # init: true + # healthcheck: + # start_period: 60s + # test: /healthcheck.sh + # interval: 30s + # timeout: 30s + # start_interval: 5s + # retries: 9 + # expose: + # - "80" + # environment: + # - TZ=${TIMEZONE} + # - JWT_ENABLED=true + # - JWT_HEADER=AuthorizationJwt + # - JWT_SECRET=${ONLYOFFICE_SECRET} + # volumes: + # - nextcloud_aio_onlyoffice:/var/lib/onlyoffice:rw + # restart: unless-stopped + # # profiles: + # # - onlyoffice + # cap_drop: + # - NET_RAW + # networks: + # - nextcloud + # container_name: nextcloud-onlyoffice + + nextcloud-aio-imaginary: + image: ghcr.io/nextcloud-releases/aio-imaginary:latest + user: "65534" + init: true + healthcheck: + start_period: 0s + test: /healthcheck.sh + interval: 30s + timeout: 30s + start_interval: 5s + retries: 3 + expose: + - "9000" + environment: + - TZ=${TIMEZONE} + - IMAGINARY_SECRET + - AIO_LOG_LEVEL # added 2026-05-15 + restart: unless-stopped + cap_add: + - SYS_NICE + cap_drop: + - NET_RAW + # profiles: + # - imaginary + read_only: true + tmpfs: + - /tmp + networks: + - nextcloud + container_name: nextcloud-imaginary + + nextcloud-aio-fulltextsearch: + image: ghcr.io/nextcloud-releases/aio-fulltextsearch:latest + init: false + healthcheck: + start_period: 60s + test: /healthcheck.sh + interval: 10s + timeout: 5s + start_interval: 5s + retries: 5 + expose: + - "9200" + environment: + - TZ=${TIMEZONE} + - ES_JAVA_OPTS=${FULLTEXTSEARCH_JAVA_OPTIONS} + - bootstrap.memory_lock=false + - cluster.name=nextcloud-aio + - discovery.type=single-node + - logger.level=WARN + - http.port=9200 + - xpack.license.self_generated.type=basic + - xpack.security.enabled=false + - FULLTEXTSEARCH_PASSWORD + - AIO_LOG_LEVEL # added 2026-05-15 + volumes: + - nextcloud_aio_elasticsearch:/usr/share/elasticsearch/data:rw + restart: unless-stopped + # profiles: + # - fulltextsearch + cap_drop: + - NET_RAW + 
networks: + - nextcloud + container_name: nextcloud-fulltextsearch + + nextcloud-aio-whiteboard: + image: ghcr.io/nextcloud-releases/aio-whiteboard:latest + user: "65534" + init: true + healthcheck: + start_period: 0s + test: /healthcheck.sh + interval: 30s + timeout: 30s + start_interval: 5s + retries: 3 + expose: + - "3002" + tmpfs: + - /tmp + environment: + - TZ=${TIMEZONE} + - NEXTCLOUD_URL=https://${NC_DOMAIN} + - JWT_SECRET_KEY=${WHITEBOARD_SECRET} + - STORAGE_STRATEGY=redis + - REDIS_HOST=nextcloud-redis + - REDIS_PORT=6379 + - REDIS_HOST_PASSWORD=${REDIS_PASSWORD} + - BACKUP_DIR=/tmp + - AIO_LOG_LEVEL # added 2026-05-15 + restart: unless-stopped + read_only: true + cap_drop: + - NET_RAW + networks: + - nextcloud + container_name: nextcloud-whiteboard + +volumes: + nextcloud_aio_apache: + name: nextcloud_aio_apache + # nextcloud_aio_database: + # name: nextcloud_aio_database + # nextcloud_aio_database_dump: + # name: nextcloud_aio_database_dump + nextcloud_aio_elasticsearch: + name: nextcloud_aio_elasticsearch + nextcloud_aio_nextcloud: + name: nextcloud_aio_nextcloud + # nextcloud_aio_onlyoffice: + # name: nextcloud_aio_onlyoffice + nextcloud_aio_redis: + name: nextcloud_aio_redis + nextcloud_aio_nextcloud_data: + name: nextcloud_aio_nextcloud_data + +networks: + nextcloud: + name: "nextcloud" + postgres: + name: "postgres" + external: true diff --git a/nextcloud-and-onlyoffice/onlyoffice.yml b/nextcloud-and-onlyoffice/onlyoffice.yml new file mode 100644 index 0000000..dafd3b1 --- /dev/null +++ b/nextcloud-and-onlyoffice/onlyoffice.yml 
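Review bot: `nextcloud-aio-fulltextsearch` sets `xpack.security.enabled=false`, so port 9200 appears to be served without authentication and network reachability is the only control on the search index. The `nextcloud` network is not private to this file: onlyoffice.yml in the same commit joins it as `external: true`, which puts the document server and RabbitMQ on the same segment as Elasticsearch and Redis. Consider a dedicated network shared only by `nextcloud-aio-nextcloud` and `nextcloud-aio-fulltextsearch`, or at minimum a comment on the service such as `# no auth on :9200 (xpack.security.enabled=false); keep other stacks off this network`.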
@@ -0,0 +1,87 @@
+services:
+ onlyoffice-documentserver:
+ # build:
+ # context: .
+ image: onlyoffice/documentserver #[-de,-ee]
+ container_name: onlyoffice-documentserver
+ depends_on:
+ # - onlyoffice-postgresql
+ - onlyoffice-rabbitmq
+ environment:
+ - DB_TYPE=postgres
+ - DB_HOST=postgres
+ - DB_PORT=5432
+ - DB_NAME=onlyoffice
+ - DB_USER=onlyoffice
+ - DB_PWD= # database password here (maybe use an env file?)
+ - AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq
+ # Uncomment strings below to enable the JSON Web Token validation.
+ - JWT_ENABLED=true
+ - JWT_SECRET= # random sufficiently long string here, save it for later you'll need to give this to nextcloud
+ - JWT_HEADER=Authorization
+ - JWT_IN_BODY=true
+ # ports:
+ # - '80:80'
+ # - '443:443'
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost:8000/info/info.json"]
+ interval: 30s
+ retries: 5
+ start_period: 60s
+ timeout: 10s
+ stdin_open: true
+ restart: unless-stopped
+ stop_grace_period: 60s
+ volumes:
+ - ./certs:/var/www/onlyoffice/Data
+ - onlyoffice_log:/var/log/onlyoffice
+ - onlyoffice_cache:/var/lib/onlyoffice/documentserver/App_Data/cache/files
+ networks:
+ - nextcloud
+ - postgres
+
+ onlyoffice-rabbitmq:
+ container_name: onlyoffice-rabbitmq
+ image: rabbitmq:3
+ restart: unless-stopped
+ # expose:
+ # - '5672'
+ healthcheck:
+ test: ["CMD", "rabbitmq-diagnostics", "status"]
+ interval: 10s
+ retries: 3
+ start_period: 10s
+ timeout: 10s
+ networks:
+ - nextcloud
+
+ # onlyoffice-postgresql:
+ # container_name: onlyoffice-postgresql
+ # image: postgres:15
+ # environment:
+ # - POSTGRES_DB=onlyoffice
+ # - POSTGRES_USER=onlyoffice
+ # - POSTGRES_HOST_AUTH_METHOD=trust
+ # restart: always
+ # expose:
+ # - '5432'
+ # volumes:
+ # - postgresql_data:/var/lib/postgresql
+ # healthcheck:
+ # test: ["CMD-SHELL", "pg_isready -U onlyoffice"]
+ # interval: 10s
+ # retries: 3
+ # start_period: 10s
+ # timeout: 10s
+
+volumes:
+ onlyoffice_log:
+ onlyoffice_cache:
+
+networks:
+ nextcloud:
+ name: "nextcloud"
+ external: true
+ postgres:
+ name: "postgres"
+ external: true
\ No newline at end of file
diff --git a/nextcloud-and-onlyoffice/readme.md b/nextcloud-and-onlyoffice/readme.md
new file mode 100644
index 0000000..8f0dad8
--- /dev/null
+++ b/nextcloud-and-onlyoffice/readme.md
@@ -0,0 +1,13 @@
+# this is a clusterfuck and I do not recommend using this
+The only reason I did this was because I was annoyed by the Nextcloud AIO interface, but it is a *bitch* to maintain this because they make breaking changes upstream that you need to investigate later when it blows up
+
+This is also pretty hacked together and the onlyoffice compose relies on the nextcloud compose to be up and running first. yes nextcloud has the onlyoffice container in the upstream compose but it didn't work for me, hence this nonsense
+
+**this also depends on an already running postgres container; nextcloud ignores the POSTGRES_USER variable and expects to logon to the database as `oc_nextcloud`**
+
+onlyoffice settings in nextcloud:
+* onlyoffice docs address: URL as the *user* accesses it, e.g. cloud.meow.tld
+* secret key: the JWT_SECRET variable as set in onlyoffice.yml line 20
+* authorization header: leave blank for default
+* **onlyoffice address for internal requests**: http://onlyoffice-documentserver/
+* **server address for internal requests**: http://nextcloud-apache:41443/
\ No newline at end of file
diff --git a/qbittorrent-gluetun/docker-compose.yml b/qbittorrent-gluetun/docker-compose.yml
new file mode 100644
index 0000000..7010180
--- /dev/null
+++ b/qbittorrent-gluetun/docker-compose.yml
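Review bot: `- DB_PWD=` and `- JWT_SECRET=` in onlyoffice.yml are placeholders meant to be filled in inside the tracked compose file, which is how secrets end up committed; reference variables instead, as nextcloud.yml does, e.g. `- JWT_SECRET=${ONLYOFFICE_SECRET}` and `- DB_PWD=${ONLYOFFICE_DB_PASSWORD}` (the second name is a placeholder), with the values kept in an untracked `.env`. As committed, YAML drops the trailing ` # ...` text as a comment, so both variables reach the container empty while `JWT_ENABLED=true`; how the image treats an empty secret is not visible here, so confirm that requests without a valid token are rejected. `AMQP_URI=amqp://guest:guest@onlyoffice-rabbitmq` uses the broker's default account on a network shared with the whole Nextcloud stack; a dedicated user set through `RABBITMQ_DEFAULT_USER` and `RABBITMQ_DEFAULT_PASS` on the `onlyoffice-rabbitmq` service would limit that.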
@@ -0,0 +1,37 @@ +--- +services: + gluetun: + image: qmcgaw/gluetun + restart: unless-stopped + cap_add: + - NET_ADMIN + devices: + - /dev/net/tun:/dev/net/tun + environment: + - TZ=America/Vancouver + - VPN_TYPE=wireguard + - VPN_SERVICE_PROVIDER=mullvad + - SERVER_HOSTNAMES= # Mullvad server id, eg us-sea-wg-001, from https://mullvad.net/en/servers + - WIREGUARD_PRIVATE_KEY= # Download a wireguard configuration file from mullvads website and copy the private key here + - WIREGUARD_ADDRESSES= # and the address here + - DNS_ADDRESS=1.1.1.1 + - DNS_UPSTREAM_RESOLVER_TYPE=doh + - BLOCK_MALICIOUS=off + ports: + - 15000:15000 # All traffic to qbittorrent goes through gluetun; set qbits WEBUI_PORT here and on line 30; see https://github.com/qdm12/gluetun-wiki/blob/main/setup/port-mapping.md + + qbittorrent: + image: lscr.io/linuxserver/qbittorrent:latest + restart: unless-stopped + environment: + - PUID=1000 + - PGID=1000 + - TZ=America/Vancouver + - WEBUI_PORT=15000 # This needs to match the port mapping on line 21 + volumes: + - config:/config + - /srv/bittorrent/:/downloads # Downloads folder from host shared between qbit and servarr containers; set UID/GID on line 27 & 28 to match the owner/group on host + network_mode: "service:gluetun" + +volumes: + config: \ No newline at end of file diff --git a/servarr/docker-compose.yml b/servarr/docker-compose.yml index c984fdf..0716b65 100644 --- a/servarr/docker-compose.yml +++ b/servarr/docker-compose.yml @@ -13,10 +13,9 @@ services: - radarr_config:/config - /srv/media/movies:/movies - /srv/bittorrent/:/downloads - networks: - - servarr - - caddy - + ports: + - "100.70.0.2:7878:7878" + sonarr: image: linuxserver/sonarr restart: unless-stopped @@ -29,9 +28,8 @@ services: - sonarr_config:/config - /srv/media/tv:/tv - /srv/bittorrent/:/downloads - networks: - - servarr - - caddy + ports: + - "100.70.0.2:8989:8989" prowlarr: image: linuxserver/prowlarr 
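Review bot: `- WIREGUARD_PRIVATE_KEY= # ...` in qbittorrent-gluetun/docker-compose.yml asks for the VPN private key to be pasted into the tracked compose file; pass it through with a bare `- WIREGUARD_PRIVATE_KEY` (the form stalwart's compose uses for `POSTGRES_PASSWORD`) and keep the value in an untracked `.env`. `- 15000:15000` publishes the qBittorrent WebUI on every host interface, whereas the servarr ports in this commit bind to `100.70.0.2`; if this stack runs on the same host, `- "100.70.0.2:15000:15000"` matches that. `BLOCK_MALICIOUS=off` switches off gluetun's malicious-hostname blocking, and a comment giving the reason would help. The comments that point at "line 21", "line 27 & 28" and "line 30" go stale on the first edit; naming the keys (`WEBUI_PORT`, `PUID`/`PGID`) is sturdier.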
@@ -39,9 +37,8 @@ services: container_name: servarr-prowlarr volumes: - prowlarr_config:/config - networks: - - servarr - - caddy + ports: + - "100.70.0.2:9696:9696" flaresolverr: image: ghcr.io/flaresolverr/flaresolverr @@ -49,8 +46,6 @@ services: container_name: servarr-flaresolverr environment: - LOG_LEVEL=info - networks: - - servarr volumes: sonarr_config: @@ -62,9 +57,3 @@ volumes: prowlarr_config: external: true name: servarr_prowlarr_config - -networks: - servarr: - caddy: - name: caddy - external: true diff --git a/stalwart/docker-compose.yml b/stalwart/docker-compose.yml new file mode 100644 index 0000000..fd7856e --- /dev/null +++ b/stalwart/docker-compose.yml 
@@ -0,0 +1,84 @@
+---
+services:
+ stalwart:
+ image: stalwartlabs/stalwart:latest
+ container_name: stalwart
+ restart: unless-stopped
+ depends_on:
+ - postgres
+ volumes:
+ - ./stalwart-etc:/etc/stalwart
+ - stalwart-var:/var/lib/stalwart
+ ports:
+ - 25:25
+ - 465:465
+ # - 443:443
+ - 993:993
+ - 100.70.0.4:8080:8080
+ networks:
+ - caddy
+ - postgres
+# environment:
+# - STALWART_RECOVERY_MODE=true
+# - STALWART_RECOVERY_ADMIN=admin:bruhmoment
+
+ postgres:
+ image: postgres:18-alpine
+ container_name: postgres
+ restart: unless-stopped
+ shm_size: 256mb
+ volumes:
+ - ./postgres-data:/var/lib/postgresql
+ environment:
+ - POSTGRES_USER=stalwart
+ - POSTGRES_DB=stalwart
+ - POSTGRES_PASSWORD
+ networks:
+ - postgres
+
+ caddy:
+ image: caddy:latest
+ container_name: caddy
+ restart: unless-stopped
+ volumes:
+ - caddy-data:/data
+ - caddy-config:/config
+ - ./Caddyfile:/etc/caddy/Caddyfile
+ ports:
+ - 80:80
+ - 443:443
+ - 443:443/udp
+ networks:
+ - caddy
+
+ bulwark:
+ image: ghcr.io/bulwarkmail/webmail:latest
+ container_name: bulwark
+ restart: unless-stopped
+ # ports:
+ # - 3000:3000
+ volumes:
+ - ./bulwark-settings:/app/data/settings
+ environment:
+ - JMAP_SERVER_URL=https://postoffice.enstrayed.com
+ - STALWART_FEATURES=true
+ - OAUTH_ENABLED=true
+ - OAUTH_ONLY=true
+ - OAUTH_CLIENT_ID=stalwart-webui
+ - OAUTH_ISSUER_URL
+ - SESSION_SECRET
+ - SETTINGS_SYNC_ENABLED=true
+ networks:
+ - caddy
+
+
+networks:
+ caddy:
+ name: "caddy"
+ postgres:
+ name: "postgres"
+
+volumes:
+ caddy-data:
+ caddy-config:
+ stalwart-var:
\ No newline at end of file
diff --git a/vaultwarden/docker-compose.yml b/vaultwarden/docker-compose.yml
new file mode 100644
index 0000000..3f6f0ff
--- /dev/null
+++ b/vaultwarden/docker-compose.yml
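Review bot: The commented-out `# - STALWART_RECOVERY_ADMIN=admin:bruhmoment` line in the `stalwart` service records what looks like a recovery-mode admin credential in the repository; if that value was ever used it should be rotated, and the comment reduced to `# - STALWART_RECOVERY_ADMIN=admin:<password>`. `- 25:25` is unquoted, and YAML 1.1 parsers read a `digits:digits` pair whose second part is below 60 as a base-60 integer, which is why the Compose documentation recommends quoting port mappings: `- "25:25"`. The `postgres` and `caddy` networks are created here under fixed names and joined as `external` by other stacks in this commit, so on a shared host every container attached to `postgres` can reach this database and `POSTGRES_PASSWORD` is the only barrier.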
@@ -0,0 +1,23 @@
+---
+services:
+ vaultwarden:
+ image: vaultwarden/server:latest
+ container_name: vaultwarden
+ restart: unless-stopped
+ env_file: .env
+ volumes:
+ - data:/data/
+ networks:
+ - caddy
+ - postgres
+
+volumes:
+ data:
+
+networks:
+ caddy:
+ external: true
+ name: "caddy"
+ postgres:
+ external: true
+ name: "postgres"
\ No newline at end of file
diff --git a/vaultwarden/env.example b/vaultwarden/env.example
new file mode 100644
index 0000000..90c6aef
--- /dev/null
+++ b/vaultwarden/env.example
@@ -0,0 +1,12 @@
+ADMIN_TOKEN=''
+DOMAIN=''
+DATABASE_URL='postgresql://vaultwarden:nowaybuddy@postgres:5432/vaultwarden'
+
+SSO_ENABLED='true'
+SSO_AUTHORITY=''
+SSO_SCOPES='email profile offline_access'
+SSO_CLIENT_ID=''
+SSO_CLIENT_SECRET=''
+SSO_ONLY='true'
+SSO_SIGNUPS_MATCH_EMAIL='false'
+SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION='true'
\ No newline at end of file
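Review bot: The sample `DATABASE_URL` in vaultwarden/env.example embeds a concrete password (`nowaybuddy`), and example values tend to survive into the real `.env`; use an unmistakable placeholder such as `DATABASE_URL='postgresql://vaultwarden:CHANGE_ME@postgres:5432/vaultwarden'`. `SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION='true'` accepts identities whose e-mail the provider has not verified, which is only reasonable while `SSO_SIGNUPS_MATCH_EMAIL` stays `'false'`; a comment above the pair, e.g. `# do not enable SSO_SIGNUPS_MATCH_EMAIL while unverified e-mails are accepted`, would stop a later edit from linking accounts by unverified address. `ADMIN_TOKEN=''` deserves a one-line comment stating whether the admin page is meant to stay disabled.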